Security Highlights Of The Day [26/03/26]

Chinese Hackers Found Deep Within Telecom Backbone Infrastructure
Researchers uncovered a China-linked state actor deploying kernel implants and passive backdoors within global telecommunications backbone infrastructure for long-term persistence. The operation appears designed for high-level espionage and sustained access to critical environments.
Source: SecurityWeek

ShadowPrompt Vulnerability Enables Silent Hijacking of Claude Chrome Extension
A vulnerability in the Claude Chrome extension allowed any website to inject instructions into the AI assistant without user interaction. By chaining an overly permissive origin allowlist with a DOM-based XSS flaw, attackers could execute arbitrary actions with user-level privileges.
Source: Koi AI

Citrix Warns of Critical NetScaler Flaw Allowing Session Token Theft
Citrix patched a critical vulnerability tracked as CVE-2026-3055 that could allow unauthenticated attackers to steal sensitive data such as session tokens. The flaw is similar to previous CitrixBleed issues and requires immediate patching.
Source: BleepingComputer

GlassWorm Malware Hides RAT Inside Malicious Chrome Extension
The GlassWorm campaign uses a multi-stage infection chain to deploy a persistent RAT, including a malicious Chrome extension disguised as Google Docs Offline. The malware captures keystrokes, cookies, session tokens, and screenshots while communicating with a command-and-control server hidden in a blockchain.
Source: Aikido Security

Critical GitLab Flaws Enable App Impersonation and AI Token Exposure
GitLab released patches for multiple high-severity vulnerabilities that could allow attackers to impersonate applications, execute unauthorized actions, and perform denial-of-service attacks. The flaws also pose a risk of exposing AI-related tokens and compromising account integrity.
Source: SecurityOnline
